CVE-2026-6350
Stack-Based Buffer Overflow in MailGates Enables Remote Code Execution
Publication date: 2026-04-16
Last updated on: 2026-04-16
Assigner: TWCERT/CC
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openfind | mailgates | to 5.2.10.099 (exc) |
| openfind | mailgates | to 6.1.10.054 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2026-6350 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-6350 is a critical stack-based buffer overflow vulnerability in Openfind's MailGates/MailAudit software versions prior to 6.1.10.054 (6.0 series) and 5.2.10.099 (5.0 series).
This vulnerability allows unauthenticated remote attackers to manipulate the program's execution flow and execute arbitrary code on the affected system.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain control over the affected MailGates/MailAudit program's execution, potentially allowing them to run arbitrary code remotely without any authentication.
This can lead to full compromise of the system running the vulnerable software, including unauthorized access, data theft, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-6350 vulnerability, you should update MailGates/MailAudit to a secure version.
- For MailGates/MailAudit 6.0 series, update to version 6.1.10.054 or later.
- For MailGates/MailAudit 5.0 series, update to version 5.2.10.099 or later.
These updates address the critical stack-based buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The CVE-2026-6350 vulnerability affects MailGates/MailAudit versions prior to 6.1.10.054 (for 6.0 series) and prior to 5.2.10.099 (for 5.0 series). Detection primarily involves identifying the installed version of MailGates/MailAudit on your system.
To detect if your system is vulnerable, you can check the installed version of MailGates/MailAudit by running commands that query the software version. For example, if the software provides a command-line interface, you might use commands like:
- mailgates --version
- mailaudit --version
If these commands are not available, you may check the version via package management tools or by inspecting the software's installation directory or documentation.
Since this vulnerability allows unauthenticated remote exploitation, monitoring network traffic for suspicious activity targeting MailGates/MailAudit services could also help detect exploitation attempts, but specific detection commands or signatures are not provided in the available resources.
The recommended mitigation is to update MailGates/MailAudit to version 6.1.10.054 or later for the 6.0 series, or 5.2.10.099 or later for the 5.0 series.
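As an added example (not part of the CVE record or of Openfind's tooling), the following Python check compares an installed MailGates/MailAudit version string against the fixed versions given in the affected-products table, so an inventory of installed versions can be triaged without relying on a vendor CLI. The host names and version strings in the sample inventory are constructed.

```python
"""Added example: classify MailGates/MailAudit versions against the
CVE-2026-6350 affected ranges (5.x below 5.2.10.099, 6.x below 6.1.10.054)."""
import re

# Fixed version per release series, taken from the affected-products table.
# A build at or above the fixed version for its series is outside the range.
FIXED_BY_SERIES = {
    5: "5.2.10.099",
    6: "6.1.10.054",
}


def parse_version(version: str) -> tuple:
    """Split a dotted version such as '5.2.10.099' into an integer tuple.

    Components are compared numerically, so the zero-padded build number
    '099' sorts below '100' and is not compared as a string."""
    parts = version.strip().split(".")
    if not parts or not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed: str) -> bool:
    """Return True when the installed version falls in a listed vulnerable range.

    Series the record does not cover (e.g. 4.x or 7.x) return False because
    the record makes no claim about them, not because they are known-safe."""
    ver = parse_version(installed)
    fixed = FIXED_BY_SERIES.get(ver[0])
    if fixed is None:
        return False
    return ver < parse_version(fixed)


def triage(inventory: dict) -> dict:
    """Given {host: installed_version}, return only the hosts still inside an
    affected range, mapped to the fixed version for their series."""
    return {host: FIXED_BY_SERIES[parse_version(ver)[0]]
            for host, ver in inventory.items() if is_affected(ver)}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {
        "mx1.example.test": "6.1.10.053",   # one build below the 6.x fix
        "mx2.example.test": "6.1.10.054",   # exactly the 6.x fix, not affected
        "mx3.example.test": "5.2.9.120",    # older 5.x release, affected
    }
    for host, fix in triage(sample).items():
        print(f"{host}: update to {fix} or later")
```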